DHIS2 is a free, open-source, fully customizable platform for collecting, analyzing, visualizing, and sharing aggregate and individual-data for district-level, national, regional, and international system and program management in health, education, and other domains.

Website: https://www.dhis2.org/

Type of Digital Public Good

  • Open content
  • Open data
  • ✅  Open software
  • Open standard
  • Open AI model

1. Is it relevant to one of the Sustainable Development Goals?

  • 3. Good Health and Well-being

    Evidence: DHIS2 is the world's largest Health Management Information System platform, and is currently in use in more than 73 low- and middle-income countries, 60 are deployed at national scale. DHIS2 is also used by national health authorities and international health programs and organizations (such as WHO, Pepfar, The Global Fund, Gavi) for management of health programs related to specific diseases, such as HIV, TB, Malaria, and others. In addition, during the COVID-19 pandemic, at least 36 countries rapidly deployed DHIS2 for national pandemic response.

    Link to Evidence: Additional information:
    About DHIS2: https://www.dhis2.org/about
    Overview of DHIS2 deployments: https://www.dhis2.org/in-action
    DHIS2 for COVID-19 surveillance: https://www.dhis2.org/covid-19

  • 4. Quality Education

    Evidence: DHIS2 is also now being deployed as an Education Management Information System (EMIS) in several countries, which facilitates more effective triangulation of data between health and education programs (for example, vaccination campaigns targeting school-aged children), as well as supporting purely education-related goals.

    Link to Evidence: DHIS2 for Education: https://www.dhis2.org/education

  • 17. Partnerships to achieve the Goal

    Link to Evidence: The HISP mission statement: https://www.mn.uio.no/ifi/english/research/networks/hisp/
    Selection of HISP research related to DHIS2: https://dhis2.org/research/

2. Does it use an appropriate open license?

Yes, this project is licensed under the following license(s):

3. Is ownership clearly defined?

Is the ownership of the project and everything that the project produces clearly defined and documented?


If yes - please link to the relevant copyright, trademarks, or ownership documentation for the project.


4. Does the license of libraries/dependencies undermine the openess of the project?

Does this open project have mandatory dependencies (i.e. libraries, hardware) that create more restrictions than the original license?


If yes - are the open source components able to demonstrate independence from the closed component(s) and/or are there functional, open alternatives?

Not Applicable

If yes - please describe how the open source components are independent and/or list the open alternatives for the closed component:

Not Applicable

5. Is there documentation?

Does some documentation exist of the source code, use cases, and/or functional requirements. For software projects, this should be present as technical documentation that would allow a technical person unfamiliar with the project to launch and run the software. For datasets and data projects, this should be present as documentation that describes all the fields in the set, and provides context on how the data was collected and how it should be interpreted. For content collections, this should indicate any relevant compatible apps, software, hardware required to access the content and any instructions about how to use it.


If yes - please link to the relevant documentation:

6. Is non PII data and/or content accessible?

Does this project collect or use non-personally identifiable information (non-PII) data and/or content?


If yes - is there a mechanism for extracting or importing non-personally identifiable information (non-PII) from the system in a non-proprietary format?


If yes - describe the mechanism for extracting or importing non-personally identifiable information from the system in a non-proprietary format:

Non-PII data can be extracted and/or imported using the DHIS2 Web API as described here: https://docs.dhis2.org/en/develop/using-the-api/dhis-core-version-235/web-api.html and via the Import-Export App within DHIS2

7. Does the project adhere to privacy and other applicable international and domestic laws?

Has this project taken steps to ensure adherence with relevant privacy, domestic, and international laws? For example, the General Data Protection Regulation (GDPR) in the European Union or the Supplementary Act A/SA.1/01/10 on Personal Data Protection for the Economic Community of West African States (ECOWAS) (yes/no)


If yes, please list some of relevant laws that the project complies with:

  • All activities pertaining to data collection, storage and analysis in the European region are governed by the General Data Protection Regulation (GDPR) and relevant Norwegian legislation.
  • For countries using the DHIS2 software in other regions are responsible for complying with local legislation

If yes, please describe the steps this project has taken to ensure adherence (include links to terms of service, privacy policy, or other relevant documentation):

Not Applicable

8. Does the project adhere to standards and best practices?

Does this project support standards? (i.e. Web Content Accessibility Guidelines (WCAG) 2.1 or other standards such as those listed on W3C)


Which standards does this project support (please list)

  • FHIR
  • CVX
  • ADX
  • ICD-10
  • ICD-11
  • mCSD
  • SVCM

Can you point to evidence of your support? (i.e. please link to your validator, open test suite, etc.)

Was this project built and developed according to or in adherence with any design, technical and/or sector best practices or principles? i.e. the Principles for Digital Development?


Which principles and best practices does this project support (please list)

  • DHIS2 software is developed in line with the Principles for Digital Development, relying on close input from the global DHIS2 community and findings from health information research.
  • The DHIS 2 development process follows agile development process, with frequent releases, development in close collaboration with end users, early delivery of working software and emphasis on simplicity.

9. Does the project do no harm by design?

Has this project taken steps to anticipate, prevent and do no harm by design?

On the whole, does this project take steps to ensure that it anticipates, prevents and does no harm by design?


Is there any additional information you would like to share about the mechanisms, processes or policies that this project uses to avoid doing harm by design?

As previously described in this survey, the DHIS2 software is provided with tools and guidelines to mitigate security and privacy risks. Proper adherence to these is the responsibility of each individual organization that implements the DHIS2 software, since each instance of the software is locally owned and maintained, and the DHIS2 core team does not have access to individual country databases. To the extent that the University of Oslo is involved in implementation of the software in-country -- either directly or via our HISP network -- we strive to adhere to best practices for data security and privacy, in accordance with local laws.

9.a. Data Privacy & Security

Does this project collect or store personally identifiable information (PII) data and/or content?


If yes - please list the types of data and/or content collected and/or stored by the project:

If yes - does this project share this data and/or content with third parties?


Please describe the circumstances with which this project shares data and/or content with third parties. Please add links as relevant.

Not Applicable

If yes - does the project ensure the privacy, security and integrity of this data and/or content collection and has it taken steps to prevent adverse impacts resulting from its collection, storage and distribution.


If yes - please describe the steps, and include a link to the privacy policy and/or terms of service:

DHIS2 features configurable access control levels that restrict access to specific kinds of information to particular user roles, groups, and organization units. Additionally, metadata can be defined as either public or private. The DHIS2 database itself can be encrypted. A discussion of some privacy controls can be found here: https://community.dhis2.org/t/how-does-dhis2-protect-personal-information-the-tech-details/5335/2

9.b. Inappropriate & Illegal Content

Does this project collect, store or distribute content?


If yes - what kinds of content does this project, collect, store or distribute? (i.e. childrens books)

Not Applicable

If yes - does this project have policies that describe what is considered innappropriate content? (i.e. child sexual abuse materials)

Not Applicable

If yes - please link to the relevant policy/guidelines/documentation.

Not Applicable

If yes - does this project have policies and processes for detecting and moderating innappropriate/illegal content?

Not Applicable

If yes - please describe the policies and processes for detecting, reporting and removing innapropriate/illegal content (Please include the average response time for assessment and/or action. Link to any policies or descriptions of how inappropriate content is handled):

Not Applicable

9.c. Protection from harassment

Does this project facilitate interactions with or between users or contributors?


If yes - does the project take steps to address the safety and security of underage users?


If yes - please describe the steps this project takes to address risk or prevent access by underage users:

  • Interactions between users / contributors on this project are managed through an online forum, the DHIS2 Community of Practice: https://developers.dhis2.org/community
  • The target audience for this community is skilled users of the DHIS2 software (expected age 20+), and discussion is limited to topics relating to software implementation and use.
  • The age limit for participation on the forum is set at 13 or older. At this point, we have no reason to believe that any underage users are participating in our forum.
  • In regards to the DHIS2 software itself, access controls are established by the countries or organizations implementing the software, which is targeted at professional users.

If yes - does the project help users and contributors protect themselves against grief, abuse, and harassment?


If yes - please describe the steps taken to help users protect themselves.

  • The DHIS2 discussion forum:
  • - is governed by clearly stated community guidelines: https://community.dhis2.org/faq
  • - is actively moderated by members of the DHIS2 core team, who can flag and remove content or comments as needed.

Development & deployment countries

List of countries this project was developed in.

  • Norway
  • South Africa

List of countries this project is actively deployed in.

  • Afghanistan
  • Algeria
  • Angola
  • Bangladesh
  • Benin
  • Bhutan
  • Botswana
  • Burkina Faso
  • Burundi
  • Cambodia
  • Cameroon
  • Cabo Verde
  • Central African Republic
  • Chad
  • Colombia
  • Comoros
  • Democratic Republic of the Congo
  • Djibouti
  • Timor-Leste
  • Eritrea
  • Ethiopia
  • Ghana
  • Grenada
  • Guinea
  • Guinea-Bissau
  • Haiti
  • Honduras
  • India
  • Indonesia
  • Côte d'Ivoire
  • Kenya
  • Laos
  • Lebanon
  • Lesotho
  • Liberia
  • Libya
  • Madagascar
  • Malawi
  • Maldives
  • Mali
  • Mauritania
  • Mongolia
  • Mozambique
  • Myanmar
  • Namibia
  • Nepal
  • Niger
  • Nigeria
  • Pakistan
  • Palestine State
  • Congo (Congo-Brazzaville)
  • Rwanda
  • Sao Tome and Principe
  • Senegal
  • Sierra Leone
  • Solomon Islands
  • Somalia
  • Somalia
  • South Africa
  • South Sudan
  • Sri Lanka
  • Sudan
  • Tajikistan
  • Tanzania
  • Gambia
  • Togo
  • Tonga
  • Uganda
  • Vanuatu
  • Vietnam
  • Yemen
  • Zambia
  • Zimbabwe